There are many reasons why the cmd method will not work
quote:
Originally posted by Chris4
After you move into C:\Users\David\AppData\Roaming\, enter dir which will list the files in that folder.
If
del said the file can't be found then
dir will certainly not do any good.
The file might be hidden for starters. (although in that case
del should have worked if it was just hidden - though there are other file attributes which might prevent the file from being deleted)...
All in all, using the CMD prompt isn't the best way to tackle this (unless you're fluent in DOS).
----------
Note about AutoRuns:
1) Don't untick an entry if you want to permanently remove it. Instead choose "Delete" from the right-click context menu.
Unticking an entry will simply remove the entry from that registry key, but a backup will still be saved by AutoRuns.
2) "Save" will export the current list, it will not remove any entries at all.
3) Autoruns will only show the entry for the current logged in user. There are also entries for the Administrator for example. You can switch between the user by going to the User menu and selecting the appropiate user. What you remove in one user account might still exist in another user account (eg: admin account).
----------
Note about hvex.exe:
Judging from your screenshots, the hvex.exe tool was made in Visual Basic (it has that typcial default VB form icon). This is a very big indicator of something fishy.
If it is indeed some malware made in VB, chances are very high that it wont be detected by any anti-malware program.
This because such malwares are typcially made by so called script-kiddies and there are 1001 variations of such stuff (and anybody can make it). In fact, it probably doesn't do anything out of the ordinary, code-wise that is. In comparisson: WLM itself does far more "dangerous" and "suspecious" coding stuff. The difference is that WLM doesn't do things you do not want and doesn't try to hide it (ok, bugs set aside
). Hvex.exe probably also doesn't have any virus-like behaviour, which is spreading and infecting other files and people. It simply spams your contacts with links (and tries to infect them indirectly in that way). It is unfortunatly a very common IM-malware method these days...
All in all, it is "normal" that it wont be detected by any anti-malware or anti-virus tools though, unfortunatly.
----------
What you can try instead:
1) Go to your Task Manager and kill every hvex.exe process
2) Ope AutoRuns and find that hvex.exe entry again.
3) Right click on that entry and choose "
Jump to"
4) In the Registry Editor which popped up, delete the hvex.exe entry which is shown (right click on it and choose "
Delete" or "
Remove".)
5) Click on the very top of the registry tree (you can quickly go there by pressing the '
Home' button on your keyboard)
6) Search for any other hvex.exe string in your registry (Press
'CTRL'+'F' to open the Search dialog) and remove every entry you've found.
7)
Download and install the tool called
Unlocker
8) Open your Windows Search and enter
hvex.exe (just like you did
here).
9) Right click on the found entries and choose "
Unlocker"
10) In the Unlocker dialog, choose "
Unlock all" if you can
11) Attempt to remove the files directly from the Windows Search dialog (just like you did
here)
12) Uninstall
Unlocker again. Or at least, remove the
UnlockerAssistant from your Run registry key (you could again use AutoRuns for this) as this is not really needed.
/ 
